InvalidAuthenticityToken exception when deleting cookies


I've been testing my project with some manual tests. One of them consists of deleting cookies ("clean personal info" in firefox) just before submit the login form. Then, I get an error.

The error message is: ActionController::InvalidAuthenticityToken in SessionsController#create

I'm on Rails 2.0.2 with restful_authentication plugin. I'm using default cookie session store, too.

Any idea?


This is Rails CSRF protection kicking in, see:

Try reloading the page with the form before submitting.


But can I reload the page automatically before submitting? or I must trust the user to do it... How can I avoid the user getting that exception?


could you try to include prototype in your layout? It's work for me :slight_smile:

Thank you, I tried it, but it doesn't seem to fix the error.